- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201801-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: January 07, 2018
     Bugs: #640334, #641376
       ID: 201801-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium         < 63.0.3239.108      >= 63.0.3239.108
  2  www-client/google-chrome    < 63.0.3239.108      >= 63.0.3239.108
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-63.0.3239.108"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-63.0.3239.108"

References
==========

[ 1 ] CVE-2017-15407
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15407
[ 2 ] CVE-2017-15408
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15408
[ 3 ] CVE-2017-15409
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15409
[ 4 ] CVE-2017-15410
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15410
[ 5 ] CVE-2017-15411